Description

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

Remediation

References

CVE-2008-3963

Related Vulnerabilities

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20102)

MySQL CVE-2017-3465 Vulnerability (CVE-2017-3465)

WordPress Plugin GS Filterable Portfolio Cross-Site Scripting (1.6.0)

WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0)

Perl Use of Externally-Controlled Format String Vulnerability (CVE-2012-1151)

Severity

Medium

Classification

CVE-2008-3963 CWE-134

Tags

Missing Update Known Vulnerabilities